bugie1981

w2k system error 5721

I noticed the following problem a few days ago & I can't think of any reason why it would have suddenly started.

When logging onto the domain with a domain controller (WINS server) I get the message - At least one service or driver failed to start during system startup. The system log is reporting Error 5721 - The setup session to the Windows NT or Windows 2000 domain controller <unknown> for the domain DOMAINNAME failed because the domain controller does not have an account for the computer COMPUTERNAME.

When I try to net view the main domain controller (by that I mean the 1st dc in the domain) I get a system error 5 - Access is Denied.

I have looked on the main domain controller and noticed there is no trace of the WINS server in DNS, AD Users & Computers or AD Sites & Services, it's as if it's vanished!!

I thought about removing the server from the domain using dcpromo, it goes as far as to try and remove AD then reports - The operation failed because : The specified domain either does not exist or could not be contacted.

I need this domain controller working as it previously has been, any help would be most appreciated. Thanks.

Popeyediceclay

Are you sure the computer account is gone? Try adding its computer account back in the domain manually from Users and Computers. You will need to get the GUID of the missing DC to plug into the new account. You can get it from the CMOS I think or use a script to get it. Here is one that worked for me:

' Read the system UUID from WMI (Win32_ComputerSystemProduct).
Dim SystemSet, SystemItem, szUUID, boolWFMCapable

Set SystemSet = GetObject("winmgmts:").InstancesOf("Win32_ComputerSystemProduct")

For Each SystemItem In SystemSet
  szUUID = SystemItem.UUID
  ' An all-F value means no system UUID was reported.
  If szUUID = "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" Then
    ' The MAC-based fallback mentioned in this message is not part of this snippet.
    MsgBox "No system UUID could be found. This system does " & _
           "not appear to support Intel's Wired For Management " & _
           "specification. This script will now try and retrieve " & _
           "a MAC based UUID.", vbInformation, "Not WFM capable"
    boolWFMCapable = 0
  Else
    ' InputBox is used so the UUID can be copied from the text field.
    InputBox "Successfully retrieved a system UUID, " & szUUID & _
             ". This UUID has been placed in the text area below " & _
             "for your convenience.", "WFM Capable", szUUID
    boolWFMCapable = 1
  End If
Next

Cut and paste this into a text file and call it GUID.vbs, then run it.

It should give you a number like "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF".

ralonso

Are you just missing the consoles? or the applications as well?

Initially I'd tell you to install the administrative tools (in the CD i386\adminpak.msi)

Another approach would be to open AD users and computers from another DC. Then try to connect to the "failed" DC (if you right-click in the domain name, there's an option to change the DC that you are viewing info from)

If you check the "services" admin tool, are WINS, DNS, etc in there? What about task manager? Are all these services running?
This article best describes it but it's more for an NT domain:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;160324

You would by chance have a backup of the "System State" would you?
bugie1981

ASKER

Thanks for your replies.

Yes the computer account was definitely gone. If I add the computer account manually from users & computers no NTFRS subscriptions appear. Also if I add the account to Sites & Services there are no NTDS settings appearing.

I tried the vbs and I have the list of numbers from the script, thanks for that.

What do I do with this now?

I have checked out the Microsoft info and as you say it is mainly pointing to NT4. But I'll have another look to see if it can help.

I don't have a backup of the "System State".
Dang, no System State. That would have been nice. When you add the account, select the checkbox that says "This is a managed computer" and then enter in the GUID. I've never tried this but it's your best option if you don't have the sys state, other than formatting. There might be a manual removal procedure of AD, but I wouldn't trust it.
Trust me the System State is getting backed up on all my servers once I have this resolved!

I know the managed window you mean where you have to enter the GUID/UUID but...
 
When I add the account in users & computers the only info I can specify is Computer Name, Computer Name (Pre 2k) & whether I want pre 2k computers to use this account. I only have the OK or CANCEL options whereas to get to the managed window I need next. I don't know why I haven't got this option, could it be because I'm still running mixed mode?

Do you know if the GUID can be entered after the computer account has been created?
I don't think so. Have you tried accessing the network now that the account is there? I don't think things will be back to norm until you demote and promote, I was just thinking that doing this might let you demote it now.
Now that you recreated the account and it should be in the Domain Controllers OU, have you tried to right click on the machine name (from AD users and computers) and "reset account"? It may resync the SID.

Just a blind guess.
Ahh, I think I found it. From the PDC, Start -- Run -- srvmgr
This has an option for adding a BDC, once it's added, go to Site and Services and replicate it to the other servers.
Maybe I'm getting lost, but you had a windows 2000 DC that is no longer in AD.

You cannot remove AD, and you are not recognised as part of the domain either.

Have you tried to boot in Directory services restore mode and use ntdsutil
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/ntdsutil.asp

to perform some cleanup and uninstall completely AD?

I believe that once you have cleaned up AD, you should be able to rejoin the domain and install AD again.
(this procedure may destroy your active directory)

Do you have backup of the C drive of your main server??

If so, you could do something. It's a bit tricky but it could work:

1 - make a backup of the system state of your main server

2 - start the main server in Directory services restore mode.

3 - Restore the files in c:\winnt\ntds from a backup when the AD was fine

4 - Restart the server

At this point you should be running the machine with the old AD settings, and your failed server should be able to connect, otherwise just restart in DS Restore mode and restore the system state.

If the second server reconnected, uninstall AD from the server while both are online and remove it from the domain.
Restart the main server in DS Restore mode and restore the system state.
Rejoin the domain with the second server and eventually reinstall AD.

A bit risky but may work.
If your server is just DC and WINS... reinstall it. It'll be quicker and safer :(

The problem is still the same but I haven't taken into account the last 4 comments. Time difference is a bitch! I'll take that info on board guys and try each in turn. I'll get back to you asap to let you know how I get on. Cheers.
I agree with Ralonso about saving time by reinstalling... but if you really don't want to and you still can't clear AD manually with ntdsutil, remove it from the network and use ntdsutil to seize the roles. If that works, delete all the other domain controllers from AD and then try demoting with dcpromo. You'll need to click the checkbox that says "This server is the last domain controller in the domain". If that works, knock it down to a workgroup, then you should be able to reconnect it to the network and rejoin.
Reinstallation isn't an option, the server holds numerous databases and applications that are being used around the WAN, it's imperative to our users. I like the sound of the last comment from Popeyediceclay and I'm going to give that a go, unfortunately I'm going to have to wait until the end of the working day before I take the server down. I'll let you know how this one turns out as soon as I'm done. Thanks again.
I took the server off the network & cleared the AD down so that I could claim it was the last server in the domain. The AD installation failed giving me a message -

This is not the last domain controller in the domain, The server is not willing to process.

I then had an idea to shut down the faulty server and add a new w2k server to the domain with the same computer name & IP address as the faulty one. This was done successfully.
 
The main dc now has NTDS settings, NTFRS subscriptions & a DNS record for the server. I then shut down the new server & fired up the old faulty one.

The server dropped into the domain no problem and seems to be doing its job, I can now access the main dc without error. Problem being it has very little (& incorrect) data in AD.

I thought a depromotion and repromotion would resolve this but when I tried running dcpromo I get "The specified domain controller either does not exist or could not be contacted".

Reluctantly it looks like I am going to have to reinstall. Can I do this without losing data or is it a case of backing up the data, formatting, reloading windows and then restoring the data?

That would be a nightmare as it hosts my sql database and is the domain's WINS server, plus it's raid5.

Sounds like there are still entries for other servers in the database, did you clear them out with ntdsutil? How bout seizing the 5 roles?
Can you try to reset the failed DC's account from AD users and computers and force a replication of AD?

Does your event viewer display any error message in the AD log?
Hi guys. I've been away for a few days which is why the late reply. After trying everything, nothing has worked to the way I want it. I am going to format the server and rebuild it from scratch. I would like to share the points between you both as your info has helped me a lot.

How do I go about sharing the points? As this is the first time I have asked a question on this website.

Thanks Again.